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1. (Cuirently Amended) A machine-readable medium having stored thereon sequences 
of instructions which, when executed by a processor, cause the processor to perform the acts of: 

disabling access to at least a first section of computer code in a network driver 
software interface that is being executed by the processor bv overwriting comp uter code that ia 
executed before the first section of computer code with blocking computer code, wherein the 
network driver software interface provides for corrmiunication between one or more media 
access control units and one or more protocol drivers in a computer system according to a set of 
bindings; 

executing the blocking computer code with the processor: 

patching the first section of computer code while the blocking computer code of 
the network driver software interface is being executed by the processo r, the patchin g of tfie first 
section of code comprising inserting a template jump jBrom the network driver software interface 
to a template in a rerouting driver in order to cause the insertion of a rerouting driver into the one 
or more communication paths provided by the set of bindings; and 

re-enabling access to the patched first section of computer code bv replacing the 
blocking computer code with computer code that allows execution of the patched first section of 
computer code , 

2. (Original) The machine-readable medium of claim 1 wherein the patching is static 
patching. 

3. (Cancelled). 

4. (Currently Amended) The machine-readable medium of claim [[3]]2a wherein [[the]] 
template jumps are inserted in the network driver software interface so that a CALL instruction 
to the protocol driver is replaced with a JUMP to the template in the rerouting driver, the 
template containing the CALL instruction. 
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5. (Currently Amended) The machine-readable medium of claim 2 wherein the patching 
of the first section of computer code creates at least one new binding between the network driver 
goftware interface and the rerouting driver. 

6. (Original) The machine-readable medium of claim 5 wherein the at least one new 
binding provides for conmaunication between one or more media access control units and a 
capturing unit in the rerouting driver. 

7. (Original) The machine-readable medium of claim 6 wherein the capturing unit is 
used to intercept communications over the at least one new binding. 

8. (Original) The machine-readable medium of claim 1 wherein the patching is dynamic 
patching. 

9. (Currently Amended) The machine-readable medium of claim 8 wh^in the dynamic 
patching includes establishing a new binding between at least one media access control unit and 
dynamic patching computer code in the rerouting drive r^ and ino e rting a tomplato jump in th e 
not^rork driver interfaoo to q templat e in th e rerouting driven 

10. (Currently Amended) The machine-readable medium of claim 9 wherein [[the]] 
template jumps are inserted in the network driver software interface so that a CALL instruction 
to the protocol driver is replaced with a JUMP to the template in the rerouting driver, the 
template containing the CALL instrxiction. 

[The Remainder of this page has been left intentionally blank,] 
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1 1 . (Currently Amended) A computer implemented method comprising: 

transmitting from a remote host to a first target computer on a network an 
installation aqpplication and a rerouting driver; 

transmitting from the remote host to the first target computer a command to cause 
the first target computer to execute the installation ^plication; 

the first target computer, responsive to receipt of the conamand> executing the 
installation application, wherein the first target computer includes a network driver §pftware 
interface that provides for communication between one or more media access control units and 
one or more protocol drivers according to a set of bindings; and 

the first target computer, responsive to executing the installation application, 
causing the modification of the network driver software interface to insert the rerouting driver 
into the one or more communication paths provided by the set of bindings while the network 
driver software interface is being executed by the first target computer and without restarting the 
first target compute r^ the first target comwter comprising a multit)rDcessor svs tem, wherein the 
insert of the rerouting driver, further comprises: 

the installation application disabling access to a least a first section of 
code in the network driver software interface bv overwriting code prior to the first section with 
blocking code; 

the installation application patching the first section of code while the 
blocking code is being executed bv the processor, the patching compris ing tnj^^rt jng a template 
jump from the network driver software interface to a template in the rerouting driver . 

12. (Currently Amended) The computer implemented method of claim 11 wherein the 
modification of the networic driver software interface is by static patching, 

13. (Cancelled). 
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14. (Currently Amended) The cx)niputer implemented method of claim [[13]]12 wherein 
the template jmnps are inserted in the network driver software interface so that a CALL 
instmction to the protocol driver is replaced with a JUMP to the template in the rerouting driver, 
the template containing the CALL instruction. 

15. (Original) The computer implemented method of claim 11 wherein the modification 
of the network driver interface is by dynamic patching. 

16- (Currently Amended) The computer implemented method of claim 15 wherein the 
dynamic patching fiirther comprises establishing a new binding between at least one media 
access control unit and dynamic patching code in the reroxiting driverr- ond inoorting a t e iiq)lat e 
jump in tho notworlc driver int e rfac e to a templote in tho rorouting driv e r , 

17. (Currently Amended) The computer implemented method of claim 16 wherein the 
template jumps are inserted in the network driver software interface so that a CALL instruction 
to the protocol driver is replaced with a JUMP to the template in the rerouting driver, the 
template containing the CALL instruction. 
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18, (Currently Amended) A computer system con4)rismg: 
a processor for simultaneously executing: 

a protocol driver; 

a network driver software intoface; 
a media access control unit; and 

a rerouting driver, wherein during installation of the rCTouting driv er, a first 
gection of code in the network driver software interface is disabled by overwriting code that is 
positioned before the first section of code with blocking code, and wherein the first section of 
code is then patched bv inserting a template jump from the network driver software interface to a 
template in the rerouting driver: 

the network driver software interface to store a first binding defining a 
communication path between the protocol driver and the media access control unit^ the netwoik 
driver software interface coupled to communicate packets with the media access control unit, the 
network driver software interface being patched to commimicate the packets with the rerouting 
driver; and 

the rerouting driver being executed by the processor at the same time as the 
netwoik driver software interface and being coupled to commuixicate the packets with the 
protocol driver. 

19, (Original) The computer system of claim 18, the rerouting driver fiirther comprising 
static patching code. 

20, (Original) The computer system of claim 18, the rerouting drivCT fijrther comprising 
dynamic patching code. 

21, (Original) The computer system of claim 18, the rerouting driver further comprising 
a capture imit to store in a buffer one or more of the packets for evaluation 
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22. (Cuixently Amended) The computer system of claim 21, the network interface [[to]] 
also stores a second binding defming a communication path between the rerouting driver and the 
media access control imit; and, the capture unit to store in the buffer the packets destined for the 
rerouting driver. 



[The Remainder of this page has been left intentionally blank.] 
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23, (Currently Amended) A rerouting driver for remotely installing network drivers and 
software in a computer system without restarting the computer system following installation, the 
computer system having an operating system and multiple processors in which a network driver 
software interface provides communication of information between at least one media access 
control unit and at least one protocol driver on the computer system, the rerouting driver 
comprising: 

control code, for controlling the rerouting driver, 

binding code, for establishing at least one binding at the network driver software 
interface so that the rerouting driver is bound to at least one media access control unit while the 
network driver software interfece and the rerouting driver are executed at the same time; 

patching code, for inserting template jumps into at least a first section of code in 
the network driver software interface, the template jumps providing jumps to t«nplates in the 
rerouting driver so that information from at least one media access control unit destined for at 
least one protocol driver is rerouted to the rerouting driva* while the network driver software 
interface and the rerouting driver are executed at the same time; 

at least one template, for receiving information from at least one template jump in 
the network driver software interface; 

blocking code, for preventing processing of the patching code that is positioned 
after the blocking code: and 

inserted code, for replacing the blocking code and evaluating rerouted information 
received by the template jumps. 



[The Remainder of this page has been left intentionally blank,] 



8 

PAGE13O6*RCVDATM00512:07:21PM[EastemDayBght^^^^ 



SEP 20 2005 12:0B FR KING 8f SPfiLDING LLP404 572 5145 TO 555 1 «05456« 1 0503 P,14 



Serial No. 09/456,894 

24- (Currently Amended) The rerouting driver of claim 23 wherein the control code 
identifies a starting memory address of the network driver interface instruction code and disables 
access to the fiiret section of code, and further wherein the patching code, following the disabling 
of access with the blocking code, operates to overwrite the first section of code and additional 
pre-determxned memory addresses so that all the pre-determined memory addresses are patched. 

25, (Currently Amended) The rerouting driver of claim 23 wherein the patching code 
responsive to receipt of information being sent fi^om the network driver software interface, 
determines the instruction code address that sent the infonnation and overwrites the first section 
of code at that address so that memory addresses are incrementally patched as infonnation is 
received fi^om the network driver interface- 

[The Remainder of this page has been left intentionally blank.] 
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26. (Currently Amended) A method for disabliiag and re-enabling access to code in a 
multiprocessor system having a shared memory and a network driver software interface 
comprising: 

selecting a first section of code of the network driver software interface in a Srst central 
processing unit that is to be modified while the network driver software interface is running; 

writing the first section of code of the network driver software interface into the cache 
memory of the first central processing unit while the network driver software interface is 
running; 

ovenvriting a portion of the first section of code in cache memory with blocking code 
comnrising code that causes a loop around serialization instructioii in order to create a first 
version of code while the network driver software interface is running; 

writing the first version of code into shared memory while the network driver software 
interface is running; 

modifying the first version of code in the cache memory to create a second version of 
code, wherein a portion of the code following the blocking code is overwritten with template 
jumps to effect a static patch of the network driver software interface while when the network 
driver software interface is running in the shared memory: 

writing the second version of code into shared memory while the network driver software 
interface is running; 

modifying the second version of code in the cache memory with code to create a third 
version of code, wherein the blocking code is overwritten to remove the blocking code while the 
network driver software interfiace is rmmtng; and 

writing the third version of code into shared memory while the network driver software 
interface is running. 
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27, (Cancelled). 

28, (Cvuxently Amended) A machine-readable medium having stored therein 
instructions, which when executed, cause a set of one or more processors to perform the 
following: 

disabhng access to a first section of code of a network driver software interface while the 
network driver software interface is naming bv overwriting code that is posi tioned before the 
first section of code with blocking code, the first section of code providing a communication 
path between a media access control unit and an application, the first section of code including a 
generic call; [[and]] 

overwriting the first section of code with a second section of code while the network 
driver software interface is rumiing the blocking code: and whos e oxooution 

executing the second section of code to cause[[s]] execution flow to be rerouted to a third 
section of code in a rerouting driver, the second section of code being no larger than the first 
section of code, 

the third section of code, when executed and while the network driver software interface 
is running the second section of code, completing the communication path and returning 
execution flow, the third section of code including additional code not present in the first section 
of code that is now inserted into the communication path. 

29, (Original) The machine-readable medium of claim 28 wherein the second section of 
code contains a template jump to a template in the third section of code. 
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30. (Withdrawn) A distributed packet based security system installed using a patching 
technique for each ixidividual computer and enabled without shutdown or restart across a 
plurality of computers in a network that enables each of said plurality of computers to evaluate 
packets received over the network according to a predetermined standard and selectively allow 
transmission of such packets from the network to a protocol driver, each of the computers 
comprising: 

a processor for running a network driver interface and the distributed packet 
based security system and for mstalling first and second code while the network driver interface 
is running; and 

a shared memory buffer between a user space that stores the first code of the 
distributed packet based security system and a system address space that stores the protocol 
driver and second code of the distributed packet based security system, wherein said second code 
is coupled to said shared memory to store information regarding packets received over the 
network, and wherein said first code is coupled to the shared memory buffer to evaluate 
information stored in the shared memory buffer. 

31. (Cancelled). 

32. (Cancelled), 

33. (Withdrawn) The distributed packet based security system of claim 30, wherein the 
install is performed remotely from a host computer on said network. 
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34. (Withdrawn) A computer system comprising; 

a plurality of networked computers each including, 
a network driver interface; 

a media access control unit coupled to the physical transmission medium of the 
network to extract packets finom data provided across said medium; 

a protocol driver coupled to the media access control unit via the network driver 

interj&ce; and 

filter code being installed such that the code is coupled to the network driver 
interface while the network driver interface is running and in between the media access control 
unit and the protocol driv^ and enabled without shutdown or restart to evaluate said packets and 
selectively allow continued transmission of different ones of said packets to the protocol driver. 

35. (Withdrawn) The computer system of claim 34, wherein the install is performed 
using a patching technique. 

36. (Withdrawn) The computer system of claim 34, wherein each of the plurality 
computers includes a shared memory buffer between a user space that stores a security 
plication and a system address space that stores the media access control unit, the protocol 
driver, and the filter code, wherein said filter code is coupled to said shared memory to store 
information regarding packets received over the network, and wherein said security application 
is coupled to the shared memory buffer to evaluate information stored in the shared memory 
buffer. 

37- (Withdrawn) The computer system of claim 34, wherein the install is performed 
remotely fit)m a host computer on said network. 
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38. (Withdrawn) A computer implemented method coniprismg: 

distributing from a remote host across a network to a plurality of computers code 
comprising a security filter to be installed by each of said plurahty of computers, each of said 
plurality of computers including routines to be executed to provide a communication path 
between a media access control unit coupled to the network and a protocol driver, said 
communication path for packets transmitted across said network; 

transmitting fiom the remote host to each of the plurality of computers a 
command to cause each of the plurality of computers to execute said code; and 

each of the plurality of computers responsive to said command performing, 
installing the code while running a network driver interface such that the code is in the 
corrununication path between the media access control unit and the protocol driver, said installed 
code being enabled, without restart of said computer, to evaluate selectively allowing continued 
transmission of different ones of said packets received over said network along the 
communication path. 

39. (Withdrawn) The method of claim 38, wherein said installing is performed using a 
patching technique. 

[The Remainder of this page has been left intentionally blank.] 
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40. (Withdrawn) The method of claim 38, wherein each of the plurality computers 
responsive to said command also perforai, forming a shared memory buffer between a system 
address space that stores the protocol driver and a user space that stores a security application, 
wherein said driver is coupled to said shared memoiy to store information regarding packets 
received over the network, wherein said apphcation is coupled to the shared memory buffer to 
evaluate information stored in the shared memory buffer. 

41, (Cancelled) 



[The Remainder of this page has been left intentionally blank,] 
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42. (Withdrawn) A machine-readable medium that provides ijcxstnictions, which whea 
executed by a set of processors, cause said set of processors to perform operations comprising: 

distributing from a remote host across a network to a plurality of computers code 
comprising a security filter to be installed by each of said plurality of computers, each of said 
plurality of computers including routines to be executed to provide a communication path 
between a media access control unit coupled to the network and a protocol driver, said 
communication path for packets transmitted across said network; 

transmitting from the remote host to each of the plurality of computers a 
command to cause each of the plurality of computers to execute said code; and 

each of the plurality of computers responsive to said command performing, 
installing the code while tunning a network driver interface such that the code is in the 
conmiunication path between the media access control unit and the protocol driver, said installed 
code being enabled, without restart of said computer, to evaluate selectively allowing continued 
transmission of different ones of said packets received over said network along the 
communication path. 

43. (Withdrawn) The machine-readable medium of claim 42, wherein said installing is 
performed using a patching technique. 
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44. (Withdrawn) The machine-readable medium of claim 42, wherein each of the 
plurahty computers responsive to said command also perforai, forming a shared memory buffer 
between a system address space that stores the protocol driver and a user space that stores a 
security application, wherein said driver is coupled to said shared memory to store information 
regarding packets received over the network, wherein said application is coupled to the shared 
memory buffer to evaluate information stored in the shared memory buffer. 

45. (Withdrawn) A computer implemented method comprising: 

installing into each of a plurality of computers on a network code coupled to the 
network driver interfece while the network driver interface is running, the code forming part of 
a distributed packet security system, said code being ixxstalled such that packets transmitted 
across said network to a given one of said plurality of computers is received by said code before 
being provided to a protocol driver, 

at least the first of said plurality of computers without being shutdown or 

restarted, 

receiving a packet from said network; and 

said code executing on said first computer selectively forwardiixg said packet onto 
the protocol driver depending upon parameters of the distributed packet base security system. 

46. (Withdrawn) The method of claim 45, wherein said installing is performed using a 
patching technique. 

47. (Withdrawn) The method of claim 45, wherein said installing is performed remotely 
over said network. 
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48. (Withdrawn) A machine-readable medium that provides instructions, which when 
executed by a set of processors, cause said set of processors to perform operations comprising: 

installing and enabling, without shutdown or restart, on each of a plurality of 
computers on a network code coupled to a network driver interface while the network driver 
interface is running, the code forming part of a distributed packet security system, said code 
being installed such that packets transmitted across said network to a given one of said plurality 
of computers is received by said code before being provided to a protocol driver; 

wherein said code, when executed responsive to one of said plurahty of 
computers receiving a packet from said network, selectively forwards said packet onto the 
protocol driver deprading iq)on parameters of the distributed packet base security system. 

49. (Withdrawn) The machine-readable medium of claim 4S, wherein said installing is 
perfomxed using a patching technique. 

50. (Withdrawn) The machine-readable medium of claim 48, wherein said installing is 
performed remotely over said network. 
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5 1 . (Withdrawn) A computer implemented method comprising: 

installing into each of a plurality of computers on a network first and second code 
that is part of a distributed packet security system, said first code being installed in a user address 
space, said second code being installed while the network driver interface is running and being in 
a communication with the network driver interface of a system address space, said second code 
being installed such that packets transmitted across said network to a given one of said plurality 
of computers is received by said second code before being provided to a protocol driver in said 
system space; 

at least the first of said plurality of computers without being shutdown or 
restarted, receiving a packet &om said network; 

said second code storing at least certain information from said packet into a 
shared memory buffer between the user address space and the system address space; and 

said first code accessing information finom said shared memory buffer* 

52. (Withdrawn) The method of claim 51, wherein said installing is performed using a 
patching technique. 

53. (Withdrawn) The method of claim 51, wherein said installing is performed remotely 
over said network. 

54. (Cancelled). 
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55. (Withdrawn) A machine-readable medium that provides instructions, which when 
executed by a set of processors, cause said set of processors to perform operations comprising: 

installing and enabling, without shutdown or restart, on each of a plurality of 
computers on a network first and second code that is part of a distributed packet security system, 
said first code being installed in a user address space, said second code being installed while the 
network driver interface is running and being in a communication with the network driver 
interface of a system address space, said second code being installed such that packets 
transmitted across said network to a given one of said plurality of computers is received by said 
second code before being provided to a protocol driver in said system space; 

wherein said second code, when executed responsive to a first of said plurality of 
computers receiving a packet from said network, stores at least certain information from said 
packet into a shared memory buffer between the user address space and the syst^ address 
space; and 

wherein said first code when executed by said first computer accesses said 
information firom said shared memory buffer. 

56. (Withdrawn) The machine-readable medium of claim 54» wherein said installing is 
performed using a patching technique. 

57. (Withdrawn) The machine-readable medium of claim 54, wherein said installing is 
performed remotely over said network, 

58. (Cancelled). 
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